Severity Rating: High

Overview

Recently, the password manager service LastPass was hit by a cyberattack leading to a data breach. It is reported that the threat actors obtained personal information belonging to its users, including their encrypted password vaults, by leveraging previously leaked data. The vault data is encrypted, but the threat actor could attempt to brute-force the master password, or may carry out phishing, credential-stuffing, or other brute-force attacks against online accounts associated with your LastPass vault.

Description

It is reported that threat actors gained access to source code and technical information from the utility's developer environment and used it to target users. The threat actors reportedly used information copied from a backup containing basic customer account information and related metadata associated with users' access to the password manager service.

The backup taken from the encrypted storage container was stored in a binary format containing both unencrypted data (website URLs) and encrypted sensitive fields such as website usernames and passwords, secure notes and form-filled data.

To make use of this data, the threat actor may attempt to brute-force the master password, or may carry out phishing, credential-stuffing and brute-force attacks against online accounts associated with the password manager utility.

Best Practices:

Change your password every 60-90 days on user-level accounts. This ensures that threat actors using social engineering, brute-force and credential-stuffing attacks cannot use your older passwords to gain access to your systems or data.
Always use strong passwords combining letters (both uppercase and lowercase), numerals and special characters. This minimizes the chance of successful brute-force password guessing.
Never reuse the master password on other websites. If you reuse credentials and those credentials are compromised, attackers can easily access your other accounts as well. Attackers may use dumps of compromised credentials that are already available on the Internet to attempt to access your account.
Do not browse untrusted websites or click on untrusted links, and exercise caution before clicking on links provided in unsolicited emails and SMS messages.
Exercise due care before clicking on a link provided in a message. Only click on URLs that clearly indicate the website domain. When in doubt, search for the organisation's website directly using a search engine to ensure that the website you visit is legitimate.
Keep personal information private. Threat actors can use social media profiles to gather information and mount targeted attacks against you.
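The two checks below put the master-password advice (strong, unique, not already leaked) and the link advice (the host part of the URL is what identifies the site) into working form. This is an added example written for this advisory, not code from LastPass or from CERT-In; the leaked-password list is a constructed sample, the guess rate used for the time estimate is an assumed figure, and the look-alike hosts under `.example` are constructed.

```python
"""
Self-check helpers for the Best Practices above (added example, not part of
the advisory). Assumptions: the leaked-password set is constructed sample
data, not real breach data, and the guess rate is a hypothetical figure used
only to turn a search-space size into a rough time estimate.
"""
import math
import string
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample of previously leaked passwords (NOT real breach data).
CONSTRUCTED_LEAKED_PASSWORDS = {"password", "123456", "qwerty", "letmein", "Password1!"}

# Hypothetical offline guess rate, assumed for illustration only.
ASSUMED_GUESSES_PER_SECOND = 10_000_000_000

CHARACTER_CLASSES = (
    ("lowercase", set(string.ascii_lowercase)),
    ("uppercase", set(string.ascii_uppercase)),
    ("digits", set(string.digits)),
    ("symbols", set(string.punctuation)),
)


@dataclass
class StrengthReport:
    length: int
    classes_used: tuple
    alphabet_size: int
    entropy_bits: float
    exhaustive_search_seconds: float
    previously_leaked: bool
    verdict: str


def alphabet_size(password: str) -> tuple:
    """Return (classes used, size of the alphabet an attacker must cover)."""
    used, size = [], 0
    for name, chars in CHARACTER_CLASSES:
        if any(c in chars for c in password):
            used.append(name)
            size += len(chars)
    # Characters outside the four classes (spaces, non-ASCII) each add one
    # symbol to the alphabet, so a passphrase with spaces is still handled.
    other = {c for c in password if not any(c in chars for _, chars in CHARACTER_CLASSES)}
    if other:
        used.append("other")
        size += len(other)
    return tuple(used), size


def assess_master_password(password: str) -> StrengthReport:
    """Estimate how costly the password is to guess offline and whether it is reused.

    The entropy figure assumes every position is drawn uniformly from the
    alphabet; dictionary words and common phrases are weaker than this
    model suggests, so treat the number as an upper bound.
    """
    classes, size = alphabet_size(password)
    bits = len(password) * math.log2(size) if password else 0.0
    seconds = (size ** len(password)) / ASSUMED_GUESSES_PER_SECOND if password else 0.0
    leaked = password in CONSTRUCTED_LEAKED_PASSWORDS
    if leaked:
        # A leaked password is tried first in credential stuffing; shape is irrelevant.
        verdict = "reject: already present in a leaked-credential list"
    elif bits < 50:
        verdict = "weak"
    elif bits < 80:
        verdict = "fair"
    else:
        verdict = "strong"
    return StrengthReport(len(password), classes, size, round(bits, 1), seconds, leaked, verdict)


def link_targets_expected_site(url: str, expected_domain: str) -> bool:
    """True only if the URL's host is expected_domain or one of its subdomains.

    urlsplit() discards any user@ prefix and port, so 'https://lastpass.com@evil.example/'
    resolves to host 'evil.example', and 'lastpass.com.evil.example' is not a
    subdomain of 'lastpass.com' because the comparison anchors on the right.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or not host:
        return False  # no scheme/host means the link does not clearly show a site
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)


if __name__ == "__main__":
    for candidate in ("password", "Tr0ub4dor&3", "correct horse battery staple"):
        print(candidate, "->", assess_master_password(candidate))
    # Constructed links: one genuine subdomain, two look-alikes under .example.
    for link in ("https://accounts.lastpass.com/login",
                 "https://lastpass.com.evil.example/login",
                 "https://lastpass.com@evil.example/"):
        print(link, "->", link_targets_expected_site(link, "lastpass.com"))
```

The verdict thresholds (50 and 80 bits) are choices made for this example, not figures from the advisory; what the report makes visible is that length and character mix grow the search space multiplicatively, while a password already in a dump is rejected before any of that matters.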

About Cert Advisory

We have created this blog to provide the latest security advisories from CERT-In on security vulnerabilities, threats, attacks and the patching required to mitigate cyber attacks.